d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't let yp_match() or yp_next() operate on null or empty keys: asking

Browse Source 
ypserv to do a yp_match() with an a null or empty key causes much havok.
(Note that this could be construed as a denial of service attack if used
maliciously.)
This commit is contained in:
wpaul 1995-03-23 22:23:15 +00:00
parent 998ceec3c2
commit badb0319f7
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/libc/yp/yplib.c
View File

@ -28,7 +28,7 @@
*/
#ifndef LINT
static char *rcsid = "$Id: yplib.c,v 1.1 1994/08/07 23:04:55 wollman Exp $";
static char *rcsid = "$Id: yplib.c,v 1.2 1995/03/21 00:48:55 wpaul Exp $";
#endif
#include <sys/param.h>
@ -380,6 +380,11 @@ int *outvallen;
*outval = NULL;
*outvallen = 0;
/* Sanity check: no null keys allowed! */
if (inkey == NULL || *inkey == '\0')
return YPERR_KEY;
again:
if( _yp_dobind(indomain, &ysd) != 0)
return YPERR_DOMAIN;
@ -510,6 +515,11 @@ int *outvallen;
*outkey = *outval = NULL;
*outkeylen = *outvallen = 0;
/* Sanity check: no null keys allowed! */
if (inkey == NULL || *inkey == '\0')
return YPERR_KEY;
again:
if( _yp_dobind(indomain, &ysd) != 0)
return YPERR_DOMAIN;